WannaCry failed to be enough of a security wake-up call

Some IT pros did nothing to protect themselves after WannaCry.

The WannaCry ransomware attack was a wake-up call for many IT professionals, but not for all of them, according to new reports from Lastline.

During the 2018 RSA Conference in San Francisco, 200 IT pros were randomly selected to talk about ransomware and security measures in the aftermath of WannaCry. More than half (55.6 per cent) said they were well prepared for an attack of such scale. However, more than a third (35.6 per cent) said they had made changes but still did not feel secure against ransomware. Almost one in ten (8.8 per cent) said they had improved nothing.

“The fact that the WannaCry incident was not a more serious wake-up call for such a significant portion of companies, particularly a whole year later, is somewhat concerning,” said Marco Cova, chief web threat analyst at Lastline. “While it is encouraging that so many organisations have made some appropriate changes, the severe operational disruption that a ransomware attack can have on an organisation means that ‘some’ changes are not enough.”

The majority also think ransomware is here to stay, at least for this year: four fifths (81.2 per cent) think the number of ransomware attacks will increase in 2018 compared to the year before. Only 6.8 per cent believe there will be fewer attacks.

“While being completely secure against any threat may not be feasible, there are a number of steps that organisations can take to improve their security posture,” continued Cova. “Our recommendations include keeping all systems and devices up to date with the latest patches, compartmentalising vulnerable or more at-risk devices in isolated network segments, having (and testing) backups, and using systems that monitor network and system activity for signs of intrusions.”